CISA IT Program Auditor

This role conducts evaluations of an IT program or its individual components to determine compliance with published standards, Federal government laws, regulations, and requirements.

Personnel performing this work role may unofficially or alternatively be called:

  • Information Assurance (IA) Auditor
  • IA Compliance Manager
  • IA Officer
  • Quality Assurance (QA) Specialist
  • Security Control Assessor
  • Validator

Category: Govern and Oversee
Specialty Area: Program/Project Management and Acquisition

Core Tasks

  • Develop methods to monitor and measure risk, compliance, and assurance efforts. (T0072)
  • Provide recommendations for possible improvements and upgrades. (T0208)
  • Review or conduct audits of information technology (IT) programs and projects. (T0223)
  • Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up. (T0389)
  • Conduct import/export reviews for acquiring systems and software. (T0412)

Core Competencies

  • Data Analysis
  • Risk Management
  • Information Technology Assessment

Core Knowledge, Skills, Abilities (KSAs)

  • Knowledge of industry-standard and organizationally accepted analysis principles and methods. (K0043)
  • Knowledge of Risk Management Framework (RMF) requirements. (K0048)
  • Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system. (S0038)
  • Skill in conducting audits or reviews of technical systems. (S0085)

How to Apply

To apply for this work role, submit an application to one or more of CISA's vacancy announcements. Please ensure your resume has been updated to reflect your demonstrated experience performing the above tasks and describe your exposure to the listed competencies.

  1. Assign the appropriate Task ID and/or Core KSA ID to each experience statement in your resume. Task and KSA IDs are listed in parenthesis at the end of each bullet above.
  2. You must also include demonstrated experience on the four required competencies:
  • Attention to Detail
  • Customer Service
  • Oral Communication
  • Problem Solving

Was this webpage helpful?  Yes  |  Somewhat  |  No